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AMENDMENTS TO THE SPECIFICATION 
[page 2, second paragraph:] 

Section 6.6 of the 802. ID standard sets forth a filtering service in a bridged LAN. The 
filtering service provides for administrative control over the use of ports by a single MAC 
address or a group of addresses, and reduces the load placed on MAC devices caused by the 
reception of frames that are destined for other devices. It limits frames destined for specific 
MAC addresses to parts of the network which, to a high probability, lie along a path between the 
source MAC address and the destination MAC address. It also reduces the distribution of group- 
addressed frames to those parts of the network which contain MAC devices that are legitimate 
recipients of that traffic, thus increasing the overall throughput of the network. 

[page 2, third paragraph:] 

The filtering service maintains a filtering database to determine whether to relay a 
specific frame from one port to another. Section 7.9, at page 42 of the 802, ID standard - defines 
static and dynamic entries in the database. Each entry maps a destination MAC address to a port 
of the bridge. While static entries are fixed, dynamic entries in the filtering database are updated 
though a learning process, set out in section 7.8, page 42 of the 802. ID standard . The learning 
process observes the source addresses of frames received on each port, and dynamically updates 
the filtering database (conditionally on the state of the receiving port). It either creates or 
updates an entry in the filtering database, associating the port on which the frame was received 
with the frame's source MAC address. If the filtering database is filled to capacity when a new 
entry is to be created, an existing entry is removed to make room for the new one. 

[page 3, first full paragraph:] 

An aging mechanism is set forth in section 7.9.2 of the 802. ID standard . The aging 
mechanism is responsible for deletion of dynamic entries in the filtering database, freeing space 
to new entries instead of old entries that have low chance of use and ensuring that MAC 
addresses that have moved to a different LAN will not be permanendy prevented from receiving 
frames. It also allows changes of topology of a network that includes many bridges and LANs. 
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[page 3, second full paragraph:] 

If a frame is received on a given port of a bridge with a destination MAC address that 
does not appear in the filtering database, the forwarding process of the bridge (section 7.7 of the 
802. ID standard) performs a broadcast of the received frame, known as "flooding" the frame, 
through the other ports. The broadcast may be limited to a particular broadcast domain, i.e., to a 
group of stations in the network that can communicate as if they were on the same LAN. 
(Virtual LANs (VLANs), as described below, facilitate easy administration of such groups.) 
Even so, the frame broadcast performed by the forwarding process causes two problems: traffic 
load on the network, and computational load on the MAC bridge. Therefore, efficient 
management of the filtering database and of the learning process used to build the database are 
important, in order to minimize flooding. 

[page 8, second paragraph:] 

In preferred embodiments of the present invention, the learning process carried out by a 
virtual bridge is limited to modifying only a portion of the shared filtering database in a period of 
time, referred to as the learning period. For any given communication domain, such as a VLAN 
or TLS domain, the rate of the learning process is limited, so that the processes performs adds no 
more than a budgeted number of learning processes entries to the database within any given 
learning period. Frames received "over budget" from a VLAN or TLS domain with an unknown 
source MAC address are discarded. The budget level is preferably set so that under normal 
network traffic conditions, the rate of the learning process is substantially unaffected. Under 
exceptional conditions, however, such as a DOS attack, the budget inhibits the learning process 
in order to prevent breakdown on the bridge and interruption of normal network services. 
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